Terry Pollard wrote:
Hi,
I am trying to get OpenSSH working under Z/OS 1.4 and I am getting an error
which I cannot seem to get around. It is saying it cannot permit a SETUID
command to create the unpriviledged user when my client connects to SSHD.
The Debug output:
Connection from 192.168.0.9 port 1317
debug1: Client protocol version 2.0; client software version PuTTY_Release_0.58
debug1: no match: PuTTY_Release_0.58
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
debug2: Network child is on pid 33620018
debug3: Current IBM Release level: 14
debug3: preauth child monitor started
debug3: mm_request_receive entering
debug3: privsep user:group 600:66
debug1: permanently_set_uid: 600/66
setuid 600: EDC5139I Operation not permitted. <<< message
debug1: do_cleanup
debug1: do_cleanup
I believe I have done all the necessary RACF things, and nothing I change
seems to have worked to get past this message. The EDC message in the manual
says little more than the text you see and nothing I can read about SETUID
seems to be helpful either.
The userid sshd is running under needs to be a superuser (UID=0) and,
additionally, needs to have READ access to profile BPX.DAEMON in class
FACILITY. You should also look into the SYSLOG (the console log, not the
log files written by syslogd) and check for RACF messages that
indicate problems with a controlled program environment.
--
Ulrich Boche
SVA GmbH, Germany
IBM Premier Business Partner
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
